EMU BOF. EAP-TLS Experiment Report. RFC 2716 Bernard Aboba Microsoft Thursday, November 10, 2005 IETF 64, Vancouver, CA
1 EMU BOF
EAP-TLS Experiment Report
RFC 2716
Bernard Aboba, Microsoft
Thursday, November 10, 2005
IETF 64, Vancouver, CA
2 History of RFC 2716
- Goal: support for certificate-based mutual authentication within EAP over PPP
- -00 draft submitted to PPPEXT WG in October
- Experimental RFC published in October 1999
- Why Experimental?
  - No previous EAP method had supported mutual authentication or key derivation
  - Few existing certificate or smartcard deployments
3 Basics of EAP-TLS
- EAP Type Code 13
- Server certificate REQUIRED (Section 3.1)
  If the EAP server is not resuming a previously established session, then it MUST include a TLS server_certificate handshake message, and a server_hello_done handshake message MUST be the last handshake message encapsulated in this EAP-Request packet.
- Client certificate RECOMMENDED (Section 3.1)
  The certificate_request message is included when the server desires the client to authenticate itself via public key. While the EAP server SHOULD require client authentication, this is not a requirement, since it may be possible that the server will require that the peer authenticate via some other means...
  If the EAP server sent a certificate_request message in the preceding EAP-Request packet, then the peer MUST send, in addition, certificate and certificate_verify handshake messages.
- Client authentication can be postponed until later to enable privacy support
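Added example (not part of the original slides or of RFC 2716): a Python check of the slide-3 message rules over one non-resumed, unfragmented EAP-Request/EAP-Response pair. The function names, packet builders and sample flights are constructed for illustration; flights carrying the M (more fragments) flag must be reassembled before they are checked.

```python
import struct

EAP_REQUEST, EAP_RESPONSE = 1, 2
EAP_TYPE_TLS = 13                    # EAP Type Code 13 (slide 3)
FLAG_L, FLAG_M = 0x80, 0x40          # length-included / more-fragments flags
REC_CCS, REC_HANDSHAKE = 20, 22      # TLS record content types
HS_NAMES = {1: "client_hello", 2: "server_hello", 11: "certificate",
            12: "server_key_exchange", 13: "certificate_request",
            14: "server_hello_done", 15: "certificate_verify",
            16: "client_key_exchange", 20: "finished"}


def parse_eap_tls(packet):
    """Return (code, tls_data) for one unfragmented EAP-TLS packet."""
    if len(packet) < 6:
        raise ValueError("short EAP packet")
    code, _ident, length, eap_type, flags = struct.unpack("!BBHBB", packet[:6])
    if length < 6 or length > len(packet):
        raise ValueError("bad EAP Length field")
    if eap_type != EAP_TYPE_TLS:
        raise ValueError("not EAP-TLS (type %d)" % eap_type)
    if flags & FLAG_M:
        raise ValueError("fragmented flight: reassemble before checking")
    body = packet[6:length]
    if flags & FLAG_L:
        if len(body) < 4:
            raise ValueError("missing TLS Message Length")
        if struct.unpack("!I", body[:4])[0] != len(body) - 4:
            raise ValueError("TLS Message Length mismatch")
        body = body[4:]
    return code, body


def handshake_types(tls_data):
    """Names of the plaintext handshake messages, in wire order.

    Parsing stops at ChangeCipherSpec because later records are encrypted.
    """
    stream, off = b"", 0
    while off < len(tls_data):
        if off + 5 > len(tls_data):
            raise ValueError("truncated TLS record header")
        ctype, _ver, rlen = struct.unpack("!BHH", tls_data[off:off + 5])
        payload = tls_data[off + 5:off + 5 + rlen]
        if len(payload) != rlen:
            raise ValueError("truncated TLS record")
        off += 5 + rlen
        if ctype == REC_CCS:
            break
        if ctype == REC_HANDSHAKE:
            stream += payload        # handshake messages may span records
    names, off = [], 0
    while off < len(stream):
        if off + 4 > len(stream):
            raise ValueError("truncated handshake header")
        mlen = int.from_bytes(stream[off + 1:off + 4], "big")
        if off + 4 + mlen > len(stream):
            raise ValueError("truncated handshake message")
        names.append(HS_NAMES.get(stream[off], "unknown(%d)" % stream[off]))
        off += 4 + mlen
    return names


def audit(request, response):
    """Apply the slide-3 rules to a non-resumed Request/Response pair."""
    req_code, srv_tls = parse_eap_tls(request)
    rsp_code, peer_tls = parse_eap_tls(response)
    if (req_code, rsp_code) != (EAP_REQUEST, EAP_RESPONSE):
        raise ValueError("expected an EAP-Request followed by an EAP-Response")
    srv, peer = handshake_types(srv_tls), handshake_types(peer_tls)
    problems = []
    if "certificate" not in srv:
        problems.append("server certificate missing")
    if not srv or srv[-1] != "server_hello_done":
        problems.append("server_hello_done is not the last handshake message")
    if "certificate_request" in srv:
        for required in ("certificate", "certificate_verify"):
            if required not in peer:
                problems.append("peer omitted " + required)
    return problems


# --- Constructed sample flights (placeholder bodies, not real TLS) ---
def hs_msg(mtype, body=b""):
    return bytes([mtype]) + len(body).to_bytes(3, "big") + body

def tls_record(ctype, payload):
    return struct.pack("!BHH", ctype, 0x0301, len(payload)) + payload

def eap_tls(code, tls_data, ident=1):
    body = struct.pack("!BBI", EAP_TYPE_TLS, FLAG_L, len(tls_data)) + tls_data
    return struct.pack("!BBH", code, ident, 4 + len(body)) + body

# ChangeCipherSpec followed by an opaque (encrypted) finished record.
TAIL = tls_record(REC_CCS, b"\x01") + tls_record(REC_HANDSHAKE, b"\x9f" * 16)
GOOD_REQUEST = eap_tls(EAP_REQUEST, tls_record(REC_HANDSHAKE,
    hs_msg(2, b"hello") + hs_msg(11, b"cert") + hs_msg(13) + hs_msg(14)))
NO_SERVER_CERT = eap_tls(EAP_REQUEST, tls_record(REC_HANDSHAKE,
    hs_msg(2, b"hello") + hs_msg(14)))
GOOD_RESPONSE = eap_tls(EAP_RESPONSE, tls_record(REC_HANDSHAKE,
    hs_msg(11, b"cert") + hs_msg(16, b"kx") + hs_msg(15, b"sig")) + TAIL)
NO_CLIENT_CERT = eap_tls(EAP_RESPONSE, tls_record(REC_HANDSHAKE,
    hs_msg(16, b"kx")) + TAIL)

if __name__ == "__main__":
    for name, req, rsp in [("good", GOOD_REQUEST, GOOD_RESPONSE),
                           ("no server cert", NO_SERVER_CERT, GOOD_RESPONSE),
                           ("no client cert", GOOD_REQUEST, NO_CLIENT_CERT)]:
        print(name, "->", audit(req, rsp) or "ok")
```

The check only confirms which handshake messages are present and in what order; it does not validate certificates or signatures.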
4 Subsequent Events
- EAP evolution
  - Expanded lower layer support (RFC 3748)
    - IEEE 802: IEEE 802.1X, IEEE i, IEEE e
    - VPNs: PPTP, L2TP, IKEv2
- Improvements in certificate/smartcard support
- Regulatory mandates
  - FIPS
  - HIPAA
5 Evaluating the EAP-TLS Experiment
- Security analyses
- Implementations
- Certification programs
- Deployments
6 Security Analyses
- Arbaugh & Mishra (2002)
  - Found issues in EAP state machine that could lead to bypass of EAP-TLS server authentication
  - Issues fixed in RFC 3748 & 4137
- He, Sundararajan, Datta, Derek & Mitchell
  - A Modular Correctness Proof of IEEE i and TLS
  - Proof of security of EAP-TLS stand-alone and when used with IEEE i
7 EAP-TLS Implementations
- Peer: Windows 2000, XP, CE; XSupplicant; Meetinghouse AEGIS; Funk Odyssey; Cisco ACU; Devicescape; Wire1X
- Server: Windows 2000, Windows 2003 Server; pppd; FreeRADIUS; OpenRADIUS; RADIATOR; Cisco ACS; Funk Odyssey, Steel-Belted RADIUS; Meetinghouse AEGIS; Interlink
- Toolkits: Matrix SSL; Certicom
- Decode/debug: Ethereal; Netmon
- Test Suites: Qacafe
8 Certification Programs
- WFA EAP Certification program
  - EAP-TLS interoperability testing included within WPA certification program, April 2003
  - Expanded EAP certification program launched in April
- FIPS compliance
  - FIPS compliant EAP-TLS implementations now shipping
  - Restriction on allowable ciphersuites, key strength, etc.
- Vendor certification programs
  - Thousands of engineers trained in installing, debugging, maintaining EAP-TLS
9 Deployments
- Surveys indicate that ~10% of all EAP deployments are using EAP-TLS
  - Among customers who have deployed certificates, EAP-TLS usage is much higher
- Popular in security conscious environments
  - Government/military
  - Financial institutions
  - Medical
  - Engineering
- Regulatory mandates play an important role
  - FIPS
  - HIPAA
- Customers frequently deploy smartcards along with EAP-TLS
10 Summary
- EAP-TLS has been widely implemented and deployed.
- EAP-TLS interoperability has been demonstrated in multiple distinct implementations.
- EAP-TLS certification and testing programs are in place.
- Recommendation: The experiment has been a success.
11 Possible Next Steps
- Document the existing protocol in a Draft Standard
- Improve the protocol in a Proposed Standard
12 Draft Standard Approach
- Leverage WFA certification testing
- Identify interoperability problems and clarify specification
- Remove features that have not been shown to interoperate in two distinct implementations
- No feature additions beyond what is in RFC 2716
- Issue RFC2716bis as Proposed Standard
- Move document to Draft Standard ASAP with minimal changes
13 Proposed Standard Approach
- Add features that would be nice to have
- Required work
  - Redo the proof of security
  - Revise test suites
  - Upgrade certification programs
  - Rewrite documentation, deployment guides
  - Revise implementations
  - Collect interoperability data on revised implementations
- Problems
  - Unlikely the above work will actually get done
  - Possible introduction of security vulnerabilities and interoperability issues
  - Potential for IPR disclosures encumbering the revised protocol
  - Existing implementations unlikely to upgrade
  - Possible disruption of pending deployments
  - Nice to have features may not be supported within certification programs
14 Recommendation
- Draft Standard approach preferred
- EAP-TLS is a mature, stable protocol
  - 6 years since publication of RFC 2716
  - Many distinct, interoperable implementations
  - Proof of security available
- Stability more important than new features at this point
  - Major deployments in progress
  - Costs of protocol revision outweigh the benefits
  - New features, if needed, can be introduced in a new EAP method
15 Feedback?